July 15th, 2003 02:35 AM
Don't leave yet. I have a question for you: in this thread http://www.antionline.com/showthread...hreadid=246102 you wanted to know how to "post something anonymously". Do you want to know how to do this because you want to report a weakness in a website? If yes, then say it and we'll be able to help you a lot more.
July 15th, 2003 02:58 AM
Tedob1 has given some good advise... Rule #1 in the real world is to cover your own arse!
Personally, I understand that your intentions are good, but the site administrators may not see it in that light.
And also, someone else may have discovered this weak password when you did and caused some damage, a coincidence I know, but nevertheless its definately possible. If you notify them, they may want to pursue you, even though you are the innocent party invloved... You just never know.
Proceed with caution!!
[glowpurple]There were so many fewer questions when the stars where still just the holes to heaven - JJ[/glowpurple] [gloworange]I sure could use a vacation from this bull$hit, three ringed circus side show of freaks. - Tool. [/gloworange]
July 15th, 2003 03:17 AM
The best situation would be to let them know about the problem. But then u never know what kind of sysadmin is running it and they might take it the wrong way and go after you for it.
I guess for your own safety, the best would be to send an anonymous mail to them telling them abt the problem and let them decide what they want to do with the information. Also try to put your mail to them in a way that they do not take it the wrong way and get too defensive. Contacting their ISP migt be a good idea but then they might get the information from their ISP abt who contacted them and you might get into trouble.
With all the paranoia in businesses today, i think you have to be careful when letting people know about vulnerabilities in their systems. Cos the way to find vulnerabilities is to try to get into it or to scan it and this might be construed as trying to break in.
Just try to make sure you are anonymous when giving the info.
July 15th, 2003 02:55 PM
I'm with all of what has been said here, if u do it, do it anonymously.
Just to say that this is really a damn world. We can't even help out anyone without that person being suspicious, or wanting your ass in jail...
Well, I wouldn't take it bad if someone warned me about security issues on my site, has from what I have read, nor do the generality of u guys.
I just don't get it.
well, just to get this of my chest....
The world would be a better place if everyone started helping and accepting help from others....
July 15th, 2003 09:34 PM
I haven't run across web sites with weak password schemes but I have run across some sites with unprotected directories wide open. I have always sent an anonymous email to let them know and not open myself up to much by making it easy for them to see who I am or was. Now if you were hacking at the password for a couple of days, I would keep quiet or make a decent effort to cover the tracks. Because those logs that show your activity could be used in a manner that is unfriendly to you. If you feel that strong about telling them and you don't want to get identified, send a letter to the technical contact listed on WHOIS. Just mail it from a large populated zip code. Alternatively you could try the site "bad link" form. Sometime these are forms that exist outside e-mail links.
In reality, I don't think anything would happen and certainly taking you to court over the issue wouldn't be cost effective to them. They would have to subpoena your ISP etc., but you never know eh? See mailing suggestion above.
I agree with Nyx.
West of House
You are standing in an open field west of a white house, with a boarded front door.
There is a small mailbox here.